Facebook finally gets it with new, simpler privacy controls

Facebook hasn't made many friends recently with its constantly eroding privacy …

Facebook has introduced its newly overhauled privacy controls, and most critics should be pleased this time around. The company noted during a press conference Thursday that the site today is very different from how it was when it first started in 2004, admitting that the privacy controls had grown into something of a Frankenstein monster as the company kept adding on features. Thanks to feedback from users, CEO Mark Zuckerberg said, Facebook has completely revamped its offerings and has begun slowly rolling out the change to users.

One thing Facebook has made clear is that the privacy changes apply to all content retroactively as well as new products going forward. There's now one control (found by going to the Account menu and then Privacy Settings) that allows users to make all of their content—photos, contact info, wall postings, etc.—available to only friends, friends of friends, or everyone. If users want to customize those settings on a more granular basis, they can, but that's no longer required if users want to just make one click and be done with it.

Facebook has also added a separate page for controlling your directory information—essentially letting you decide how easy or hard you want to make it for other Facebook users to find you. Through this page, you can control who can search for you on the site based on the three aforementioned tiers (friends, friends of friends, or everyone). The same will apply to who can send you friend requests, who can send you messages, who can see your friend list, who can see your current city and hometown, and so on.

Here, there are certain settings that are not set to the highest privacy setting by default—at a press conference announcing the changes, Zuckerberg said the company thinks it's important for all Facebook users to be able to perform a search for all other Facebook users, because how else will your friends find you? However, users who choose to hide from the world are welcome to do so.

Finally, Facebook has made it much easier for users to opt out of its "Platform," which is what third-party apps and websites use to connect to information on your profile. If you choose to turn it off, all applications will be off and any data they may have collected from your profile will be deleted. Facebook has also changed the information screen displayed when you add new apps—no longer does it simply state that you're handing over all your information to a third party. Instead, the app will show you exactly what information it wants to use from your profile, allowing you to have a better understanding of what you're handing over when you add new apps to your account.

As a veteran Facebook user, I can say that the new settings seem simplified while at the same time allowing granular control if I want it. When I have counseled friends and family on how to change their settings in the past, I have had to walk them through a complex process, and the one- (or two-) click process for most profile settings will be a very welcome change for many users.

The Center for Democracy & Technology and the American Civil Liberties Union of California both seemed to agree. "Despite all rumors to the contrary, privacy is not dead, it is on its way to a comeback in the form of simplified controls and better policies," CDT President Leslie Harris said in a statement.

"After months of privacy-failing moves, Facebook is finally friending privacy again," ACLU Technology and Civil Liberties Policy Director Nicole Ozer said. "We hope that Facebook will learn from this recent round of privacy problems and going forward, will keep its principles and not just its pocketbook in mind."

Zuckerberg told the press that the company has learned a serious lesson in recent months. "Don't mess with the privacy stuff for a long time!"he exclaimed. Zuckerberg also said that the company listened to feedback from lawmakers, privacy groups, and users themselves as it worked on the changes. Facebook has also updated the privacy guide on its site and plans to roll out a message at the top of users' home pages in order to communicate the changes.

Jacqui Cheng
Jacqui is an Editor at Large at Ars Technica, where she has spent the last eight years writing about Apple culture, gadgets, social networking, privacy, and more. Emailjacqui@arstechnica.com//Twitter@eJacqui

76 Reader Comments

If they hadn't messed around with privacy so much in the past, and if Zuckerberg hadn't made the comments he made about privacy, I might have had a facebook account. This is encouraging, but their history tells me they can't be trusted.

Not really a huge fan of activities and interests now being public without an option to change it. It's not really the handing back of privacy that they seem to paint it as, there are wide areas where you have no control and facebook still owns everything, but they made controls simpler.

Since I'd already spent the two minutes to go through the old privacy settings, the new ones offer me nothing new. Except maybe more incentive to move to diaspora when it opens up

Unrelated, but something I don't get: You have an awesome short URL system, but I have to dig through the page source to find your arst.ch link. When I use any of your sharing options, I get a bit.ly link or similar nonsense. Why?

Edit: okay, the Tweet! link uses the arst.ch URL, but the Share/Email doesn't. Why isn't your short URL shown anywhere on the page to just copy? (I prefer using my Twitter client)

Not really a huge fan of activities and interests now being public without an option to change it. It's not really the handing back of privacy that they seem to paint it as, there are wide areas where you have no control and facebook still owns everything, but they made controls simpler.

I'm sorry? Your interests & activities are not public if you don't want them to be. You can change them so they're friends-only, friends of friends, or everyone, just like everything else. I'm looking at the setting right now.

Look like nice changes, but I don't think I'll be getting back on. Like a few others here, I'm waiting for Diaspora with baited breath.

I don't know. I'm not the heaviest of Facebook users and I'll definitely welcome Diaspora to the party, but I've been boycotting for a while due to the privacy concerns. I may start using it lightly, again based on these changes. Especially nice is the platform opt-out.

shows that Zuckerberg just doesn't get it. Gee. To be young, dumb, and in charge!

While Facebook needs to make money and selling/using user data is the only real way they have to do that (and targeted advertising), I imagine they have many more members that just don't give a crap about privacy (yet) than members that do.

They shouldn't "mess with privacy" period. Unless it is to provide the end user with more control and clear control over their privacy settings.

Unrelated, but something I don't get: You have an awesome short URL system, but I have to dig through the page source to find your arst.ch link. When I use any of your sharing options, I get a bit.ly link or similar nonsense. Why?

We used to, but no one used it (we track the usage of those buttons).

There's tons of ways to get this integrated into your browser, if you're interested:

I'd like to get away from it, but it's awfully convenient for keeping in touch (e.g. a number of my friends have been getting married and use the site to find addresses for invites). Definitely look forward to trying Diaspora once it's out.

off topic: I'm amused by the group using the word Diaspora for a social website, it means 'dispersion' which is the opposite of getting together. I guess it could be a website for people who don't want to be connected.

We'll be rolling out these changes to all of you over the next few weeks. You can always check out the new privacy page, which explains how the settings will work. When you get the new controls, please play around and find the settings that feel best for you. If you have any questions or comments, let us know. We're listening.

Not really a huge fan of activities and interests now being public without an option to change it. It's not really the handing back of privacy that they seem to paint it as, there are wide areas where you have no control and facebook still owns everything, but they made controls simpler.

I'm sorry? Your interests & activities are not public if you don't want them to be. You can change them so they're friends-only, friends of friends, or everyone, just like everything else. I'm looking at the setting right now.

He is talking about the new "connections" features where you become part of world visible pages for listing things like "running" under your interests. You still can't hide from that.

EDIT: For fun, check out the facebook Running page and refresh to watch the number slowly climb.

Unrelated, but something I don't get: You have an awesome short URL system, but I have to dig through the page source to find your arst.ch link. When I use any of your sharing options, I get a bit.ly link or similar nonsense. Why?

We used to, but no one used it (we track the usage of those buttons).

Okay, I see. But if you have control over the Share/Email thingy, you could use that link there too (not just the Tweet! button).

We'll be rolling out these changes to all of you over the next few weeks. You can always check out the new privacy page, which explains how the settings will work. When you get the new controls, please play around and find the settings that feel best for you. If you have any questions or comments, let us know. We're listening.

Not really a huge fan of activities and interests now being public without an option to change it. It's not really the handing back of privacy that they seem to paint it as, there are wide areas where you have no control and facebook still owns everything, but they made controls simpler.

I'm sorry? Your interests & activities are not public if you don't want them to be. You can change them so they're friends-only, friends of friends, or everyone, just like everything else. I'm looking at the setting right now.

I was going off a lifehacker article, apparently they haven't quite got it right (or are referring to what Game_ender mentioned). I haven't had a chance to put these new settings through their paces myself though, perhaps I should do that before commenting in future

I'd like to be able to control messages related to events. Sometimes a good friend will invite me to a play or something I just don't care about, then before I RSVP (any status) I get emails on every update for the event. Wish there was a way to selectively block that. Sometimes I actually do want to attend, and the update is important (new date/location), but usually not.

Facebook will recover soon and everyone will go back to their old, voyeuristic ways soon enough. The tech geeks like you and me might avoid it, but you don't need us when you have the rest of the casual world on your side.

Not really a huge fan of activities and interests now being public without an option to change it. It's not really the handing back of privacy that they seem to paint it as, there are wide areas where you have no control and facebook still owns everything, but they made controls simpler.

I'm sorry? Your interests & activities are not public if you don't want them to be. You can change them so they're friends-only, friends of friends, or everyone, just like everything else. I'm looking at the setting right now.

I was going off a lifehacker article, apparently they haven't quite got it right (or are referring to what Game_ender mentioned). I haven't had a chance to put these new settings through their paces myself though, perhaps I should do that before commenting in future

Interests and activities ("connections") are rather oddly implemented in the old privacy model-- they can be hidden from your profile page (which is what those controls in the old privacy pages did), but the data is still public-- applications and other areas of the Facebook site can still access it.

From what I'm reading, it looks like this has been fixed-- there's now privacy controls on all your data (including interests and activities), and those privacy controls actually control access to the data, not just how it's presented on the website, so what's private really is private. In this respect, I believe Lifehacker is wrong. I don't have access to the new controls yet, though, so I can't verify whether or not this is true.

off topic: I'm amused by the group using the word Diaspora for a social website, it means 'dispersion' which is the opposite of getting together. I guess it could be a website for people who don't want to be connected.

I think you're being too literal.

Wikipedia says:"A diaspora (in Greek, διασπορά – "a scattering [of seeds]") is any movement of a population sharing common national and/or ethnic identity. While refugees may or may not ultimately settle in a new geographic location, the term diaspora refers to a permanently displaced and relocated collective."

Facebookian refugees relocating to a new social network. Seems appropriate enough.

They could have just done all this in the first place, instead of trying to confuse people into what FB wanted. They're still the same people, with the same agenda. They're just bidding their time. It'll happen again.

If they hadn't messed around with privacy so much in the past, and if Zuckerberg hadn't made the comments he made about privacy, I might have had a facebook account. This is encouraging, but their history tells me they can't be trusted.

I'm with you there. I deleted (not just "deactivated") my FB account, and won't go back. Tried pip.io and was NOT impressed. Think I'll stick with the fairly light things like, say, Twitter. Just me.

off topic: I'm amused by the group using the word Diaspora for a social website, it means 'dispersion' which is the opposite of getting together. I guess it could be a website for people who don't want to be connected.

I think you're being too literal.

Wikipedia says:"A diaspora (in Greek, διασπορά – "a scattering [of seeds]") is any movement of a population sharing common national and/or ethnic identity. While refugees may or may not ultimately settle in a new geographic location, the term diaspora refers to a permanently displaced and relocated collective."

Facebookian refugees relocating to a new social network. Seems appropriate enough.

You're probably right, I have studied African/Middle Eastern Diaspora for quite a while and it is about the dispersion of stories and myth and how they change as the stories move across cultures, so I tend to think in those terms. They may be using the Jewish interpretation of the word which has to do with migrations of people, as you said.

You're probably right, I have studied African/Middle Eastern Diaspora for quite a while and it is about the dispersion of stories and myth and how they change as the stories move across cultures, so I tend to think in those terms. They may be using the Jewish interpretation of the word which has to do with migrations of people, as you said.

Its also supposed to mirror how Diaspora will grow. People will leave their home (facebook) to join a variety of different servers hosting Diaspora "seeds" which all interconnect to give you the same functionality as facebook but with more control over your data.

Am I the only one who didn't have a problem with the old Privacy Settings? The whole world was up in arms about them, but they suited me just fine... Still, the new ones don't look bad, will have to see what they are like fully when I get them rolled out to my account.

EDIT: For fun, check out the facebook Running page and refresh to watch the number slowly climb.

And for even more fun, look at how FB aggregates all of the activity on its service that has the word "running" in it, from wall posts to status updates, both from friends and global.

I, for one, am not convinced by this gesture. They did what they absolutely had to do to address user backlash, but they are still the same company. What is going to prevent them six months from now from adding another "feature" like Connections or Beacon, without addressing the potential privacy concerns beforehand. It is not likely that I'll actually delete my account, but I am certainly going to seek alternatives, and keep my own activity to a minimum.

This looks quite good, especially the part about being able to FIND the privacy settings. Being able to totally opt-out of Platform is something I've asked for for a long time.

Nonetheless, my account is deleted and I won't be rushing back in. FB isn't off the hook, they are just on probation. Let's see how long it takes for Zuck & Co. to find new ways to chip away at these new settings. And in the meantime, perhaps Diaspora or a dark horse project will be in the running.

Yeah, too bad they already pissed me off enough I deleted my account and will probably never use another social network again (wasn't really my cup of tea in the first place, facebook just convinced me its a bad idea no matter who runs it).

I somehow suspect this isn't quite enough to appease the various data protection authorities around Europe. They're quite picky when it comes to what users have been asked and whether an opt-in was voluntary and clear…